Git/testssl.sh
1
0
Fork 0
mirror of https://github.com/drwetter/testssl.sh.git synced 2024-12-31 22:09:44 +01:00
Code Issues Packages Projects Releases Wiki Activity

2nd try

Browse Source
This commit is contained in:
Emmanuel Fusté 2024-12-09 12:00:16 +01:00
parent f39408086b
commit 88856ecad5
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
testssl.sh
View File

@ -17173,10 +17173,11 @@ run_renego() {
prln_warning "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested" prln_warning "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested"
fileout "$jsonID" "WARN" "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested" fileout "$jsonID" "WARN" "not having provided client certificate and private key file, the client x509-based authentication prevents this from being tested"
else else
# We will extensively use subshell and command pipe # # We will extensively use subshell and command pipe
# Do not let herited pipeline error control interfere # # Do not let herited pipeline error control interfere
[[ $- == *e* ]] && restore_pipeerror=1 # [[ $- == *e* ]] && restore_pipeerror=1
[[ $restore_pipeerror == 1 ]] && set +e # [[ $restore_pipeerror == 1 ]] && set +e
# set +o pipefail
# We will need $ERRFILE for mitigation detection # We will need $ERRFILE for mitigation detection
if [[ $ERRFILE =~ dev.null ]]; then if [[ $ERRFILE =~ dev.null ]]; then
ERRFILE=$TEMPDIR/errorfile.txt || exit $ERR_FCREATE ERRFILE=$TEMPDIR/errorfile.txt || exit $ERR_FCREATE
@ -17209,7 +17210,7 @@ run_renego() {
# s_client STDIN too early as the close could come at any time and race with the tear down of s_client. # s_client STDIN too early as the close could come at any time and race with the tear down of s_client.
# See https://github.com/drwetter/testssl.sh/issues/2590 # See https://github.com/drwetter/testssl.sh/issues/2590
# In this case the added iteration is harmless as it will just spin in backgroup # In this case the added iteration is harmless as it will just spin in backgroup
for ((i=0; i <= ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R; k=0; \ for ((i=0; i <= ssl_reneg_attempts; i++ )); do sleep $ssl_reneg_wait; echo R 2>/dev/null; k=0; \
# 0 means client is renegotiating & doesn't return an error --> vuln! # 0 means client is renegotiating & doesn't return an error --> vuln!
# 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output # 1 means client tried to renegotiating but the server side errored then. You still see RENEGOTIATING in the output
# Exemption from above: server closed the connection but return value was zero # Exemption from above: server closed the connection but return value was zero
@ -17287,7 +17288,7 @@ run_renego() {
;; ;;
esac esac
fi fi
[[ $restore_pipeerror == 1 ]] && set -e # [[ $restore_pipeerror == 1 ]] && set -e
fi fi
#pr_bold " Insecure Client-Initiated Renegotiation " # pre-RFC 5746, CVE-2009-3555 #pr_bold " Insecure Client-Initiated Renegotiation " # pre-RFC 5746, CVE-2009-3555